Expiry for authorization code & refresh tokens?

Solved!


Hi - Access token expiration is documented at 1 hour, but I cannot see anything indicating an expiry for the authorization code (i.e. what is sent to the redirect URL after you point the user's browser to the 'authorize' endpoint). Does this mean that it's good forever? If not: does anyone know what errors will ensue once the expiry occurs?

Same question for the refresh token parameter - does it also have a 1 hour timeout, same as the access token?


3 Replies

When an access token is expired, you'll get a 401 error.

When the refresh token is expired, you'll get a new one when you refresh the access token.

Ximzend (Spotify Star)
Note: I'm not a Spotify employee.

Thanks for this. Any info on whether the authorization code ever expires? 

Marked as solution

Authorization codes seem to expire in 10 minutes. Makes sense, since that's the maximum lifetime the OAuth 2.0 spec recommends.


Trying to get tokens with an expired code returns HTTP 400 with

{"error":"invalid_grant","error_description":"Authorization code expired"}

And they're not going to be stored forever, so eventually, presumably, HTTP 400 with

{"error":"invalid_grant","error_description":"Invalid authorization code"}

(not that it makes a difference; error_description is not a machine-readable field and your code shouldn't care about it).
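The two replies above between them describe every failure point a client sees in this flow: a 401 from the API once the access token has expired, a 400 with error=invalid_grant from the token endpoint once the authorization code has expired or been consumed, and the refresh-token renewal that gets a new access token. Below is an added example of a client that handles all three, branching on the HTTP status and the machine-readable `error` field and never on `error_description`. It is not code from this thread or from Spotify: TOKEN_URL is the public Spotify token endpoint, but the fake transport, the token strings (`AT1`, `RT1`, `AT2`) and the codes `fresh-code`/`stale-code` are constructed here so that it runs offline, and the 60-second skew, the Action names and the one-retry-on-401 policy are this example's own choices. Real requests also carry an HTTP Basic `Authorization` header with the client credentials, which the fake transport does not check.

```python
"""Handling token-endpoint and 401 responses in an OAuth 2.0 authorization-code client.

Added example; not the thread's or Spotify's code. Only the two 400 bodies are
taken from the thread; every other value is constructed for the demo.
"""
import json
from dataclasses import dataclass
from enum import Enum, auto
from typing import Callable, Optional

TOKEN_URL = "https://accounts.spotify.com/api/token"  # real endpoint; not contacted here
SKEW = 60  # assumption: treat a token as expired this many seconds before expires_in says so


class Action(Enum):
    USE_TOKENS = auto()   # 200: store the returned tokens
    REAUTHORIZE = auto()  # invalid_grant: code expired/used, or refresh token revoked; restart at /authorize
    FIX_CLIENT = auto()   # invalid_request / invalid_client / unsupported_grant_type: a bug, do not loop
    RETRY_LATER = auto()  # 429 or 5xx: transient, back off


Transport = Callable[[str, dict], tuple[int, str]]  # (url, form fields) -> (status, body)


def classify_token_response(status: int, body: str) -> Action:
    """Pick the next step from the status and the `error` code (RFC 6749 section 5.2).
    `error_description` is free text for humans: log it, never branch on it."""
    if status == 200:
        return Action.USE_TOKENS
    if status == 429 or status >= 500:
        return Action.RETRY_LATER
    try:
        err = json.loads(body).get("error")
    except (ValueError, AttributeError):  # not JSON, or not an object
        err = None
    return Action.REAUTHORIZE if err == "invalid_grant" else Action.FIX_CLIENT


@dataclass
class TokenSet:
    access_token: str
    refresh_token: Optional[str]
    expires_at: float  # Unix time, derived from expires_in when the reply arrived

    @classmethod
    def from_json(cls, body: str, now: float) -> "TokenSet":
        d = json.loads(body)
        return cls(d["access_token"], d.get("refresh_token"), now + float(d["expires_in"]))

    def is_fresh(self, now: float) -> bool:
        return now + SKEW < self.expires_at


def exchange_code(transport: Transport, code: str, redirect_uri: str,
                  client_id: str, now: float) -> tuple[Action, Optional[TokenSet]]:
    """Trade the code received on the redirect URL for tokens."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri, "client_id": client_id}
    status, body = transport(TOKEN_URL, form)
    action = classify_token_response(status, body)
    return action, (TokenSet.from_json(body, now) if action is Action.USE_TOKENS else None)


def refresh(transport: Transport, tokens: TokenSet, client_id: str,
            now: float) -> tuple[Action, Optional[TokenSet]]:
    """Get a new access token. If the reply carries no refresh_token, the old one is kept."""
    form = {"grant_type": "refresh_token", "refresh_token": tokens.refresh_token,
            "client_id": client_id}
    status, body = transport(TOKEN_URL, form)
    action = classify_token_response(status, body)
    if action is not Action.USE_TOKENS:
        return action, None
    new = TokenSet.from_json(body, now)
    if new.refresh_token is None:
        new.refresh_token = tokens.refresh_token
    return action, new


def call_api(api: Callable[[str], tuple[int, str]], transport: Transport, tokens: TokenSet,
             client_id: str, now: float) -> tuple[Action, TokenSet, int, str]:
    """Call a resource with the bearer token; refresh proactively when the local
    expiry has passed, and on a 401 refresh once and retry once (no refresh loop)."""
    if not tokens.is_fresh(now):
        action, fresh = refresh(transport, tokens, client_id, now)
        if action is not Action.USE_TOKENS:
            return action, tokens, 0, ""
        tokens = fresh
    status, body = api(tokens.access_token)
    if status == 401:
        action, fresh = refresh(transport, tokens, client_id, now)
        if action is not Action.USE_TOKENS:
            return action, tokens, status, body
        tokens = fresh
        status, body = api(tokens.access_token)
    return Action.USE_TOKENS, tokens, status, body


# Constructed stand-ins so the example runs offline. The two 400 bodies below are
# the ones quoted in the thread; the rest is invented for the demo.
def fake_token_endpoint(url: str, form: dict) -> tuple[int, str]:
    if form["grant_type"] == "authorization_code":
        if form["code"] == "fresh-code":
            return 200, json.dumps({"access_token": "AT1", "token_type": "Bearer",
                                    "expires_in": 3600, "refresh_token": "RT1"})
        if form["code"] == "stale-code":
            return 400, '{"error":"invalid_grant","error_description":"Authorization code expired"}'
        return 400, '{"error":"invalid_grant","error_description":"Invalid authorization code"}'
    if form["grant_type"] == "refresh_token" and form["refresh_token"] == "RT1":
        return 200, json.dumps({"access_token": "AT2", "token_type": "Bearer", "expires_in": 3600})
    return 400, '{"error":"invalid_request"}'


def fake_api(bearer: str) -> tuple[int, str]:
    """Resource server that only accepts the refreshed token, so AT1 draws a 401."""
    return (200, '{"id":"me"}') if bearer == "AT2" else (401, '{"error":{"status":401}}')
```

The point of the classifier is that `invalid_grant` is the only signal a client needs: whether the description says "expired" or "Invalid authorization code", the fix is the same, send the user back through the authorize step. Anything else under 400 is a client bug or misconfiguration and should surface as an error rather than trigger another redirect.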
